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ENCRYPTION SYSTEM BASED ON 
CROSSED INVERSE QUASI6R0UPS 



BACKGROUND 



10 



15 



20 



The present invention teaches a cryptology system using 
mathematical structures including crossed-inverse quasigroups 
or similar mathematical structures. 

Cryptosystems often use a mapping, f, from the plaintext 
message segment, to a ciphertext segment, C. A parameter E 
is the cryptographic enciphering "key". Here f is the 
enciphering algorithm that generates C from M and E. Thus, 

C = f(M,E). 

The message is decrypted according to a mapping g using a 
decryption parameter. D is the deciphering key, which may or 
may not be the same as the enciphering key E, and g is the 
deciphering algorithm that recovers 'the original message M 
from the received enciphered message C and the deciphering key 
D. Hence M=g(C^D). In a stream cipher, these can be """small" 
functions. The message is divided into segments, M^, and a 
stream of key, E^f is generated. 

The sender computes the stream = f (M}^ , E^) - 

The recipient generates or stores the stream and 
decodes Mj^ = g(C}c f Dj,) , 

Many times, the cryptological algorithms are made public. 
The security against unauthorized reception is in the key 
stream, E^t- The mutual information between Mk and Ek should be 
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sufficiently small that the message cannot be determined by 
statistical methods. Alternately, the space from which is 
selected can be too large to be searched. 

For a public key system, the objects are from very large 
5 sets, e.g., 128 bits which has 2"^^^= 3.4 x 10^^ elements in the' 
set . 

The public knows the function f. The encryption key, E, 
is distributed. A message sender computes and transmits C = 
f (M^ E) , and transmits E if it is randomly generated. In this 
10 case, the owner of the system also has g and either has D or 
has an algorithm to generate D from E. The owner then 
computes g(Cr D) to recover 

The security of such a system is based on the difficulty 
of inverting the function without additional information 
15 that is known only to the owner. 

Nearly all public key cryptosystems are based on finite 
algebra which is both associative and commutative. The 
associative property can be described as {a o ]j) o c = a o (};) o 
c) , where o means any associative arithmetic operation for all 
20 a, b, and c in the algebra. The commutative property also 
holds that a ^ =: b o a for all a and jb in the algebra. 

The kind of algebra used in existing systems includes, 
for example, 1) integer arithmetic, modulo an integer, 2) 
finite fields, and 3) the arithmetic of elliptic curves. All 
25 of these are associative and commutative algebras. 
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An associative arithmetic operation has the property that 
serial encryption using that operation results in no more 
security than a single encryption. Two successive 64-bit 
encryptions, for example, use 128 bits, but in associative 
arithmetic this is merely equivalent to another 64 bit. 
encryption . 



This invention describes an encryption system using a 
technique which is, in general, not associative or not 
commutative or neither associative nor commutative. 

A disclosed mode uses "crossed-inverse quasigroups" for 
encryption . 



These and other aspects of the invention will now be 
described with reference to the attached drawings, in which: 

Figure 1 shows a circuit used for the encryption; 

Figure 2 shows a flowchart of a disclosed mode; and 

Figure 3 shows a flowchart for double encryption using a 
disclosed mode. 



SUMMARY 



Brief Des 



cription of the Drawings 



A quasigroup is 
table described by a 



Detailed Description 
a set of objects with a multiplication 
latin square of size n x n using n 
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distinct symbols which has certain characteristics described 
herein. In a latin square, each of the n symbols appears once 
and only once in each row and in each column. For n>=5, there 
are a very large number of latin squares and therefore of 
5 quasigroups. The number of distinct latin squares, and 

therefore of inequivalent quasigroups, for n=10, is known to 
be 7,580,721,483,160,132,811,489,280, or 7.58 x 10^^ For 
n>=ll, the exact number of possible quasigroups is unknown. 
At n=14, the number of inequivalent quasigroups is estimated 

10 to be about 2.33 x 10"^°. 

A quasigroup which is associative is, by definition, a 
group. The number of groups of order n (i.e. with n distinct 
elements) is very small compared to the number of quasigroups 
of order n, except for very small n, e.g. for n<=4, where the 

15 number of quasigroups is not yet very large. The ratio of the 
number of groups to the number of quasigroups tends to zero as 
the size thends to infinity. 

For example, there is only one group of n elements when 
n= 1, 6, 7, 9, 11, 13, 14, 17, 19, 23, 29, and for infinitely 

20 many larger values of n. For each n<=30, the number of 

distinct commutative groups with n elements is fewer than six. 

If n is .the number of elements in the quasigroup, then, 
in principle, a multiplication table can be formed by an n by 
n array indexed by the elements, a b = L(a,b) , where L 

25 represents a latin square. A latin square has the property 
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that the elements in each row and in each column are a 
permutation (rearrangement) of the elements of the quasigroup. 
For the "row" property of the latin square, this is equivalent 
to the statement that for each pair (a, jb) the equation a x 
= h has exactly one solution for x. Analogously, the "column" 
property says that for each pair (a, jb) , the equation y o a = 
h has exactly one solution for y. 

The notation "a ^ jb" indicates whatever rule of combining 
a and h is used in the quasigroup. In special cases, "<>" could 
be a plus-sign or a times-sign, both of which are normally 
used to indicate associative operations. In general, however, 
there need be no specific interpretation of the operation 
indicated by a ^ jb other than what is shown in the "quasigroup 
table" itself. 

This lack of any other interpretation of the symbol, and 
its failure to obey familiar rules like the associative and 
commutative rules, makes the disclosed system unusually 
difficult for a cryptanalyst adversary. In practice, the 
operation can be defined by a "rule" to make the calculation 
feasible, even when the quasigroup is too large to store in a 
memory . 

A crossed-inverse quasigroup (ci-quasigroup) has an 
additional requirement, or property, beyond those described 
above for a quasigroup. For each element, a, in the ci- 



Attorney ^^Btet No.: 06666/032001 



quasigroup, there exists another element, a\ such that a' (M 
o a) = M for all M in the quasigroup. The relation between a 
and a' is a permutation, a' = 7t{a) . This permutation is called 
the ci-permutation. Put a different way, operating on the 
5 left with a' undoes the result of having operated on the right 
with a. That is, to recover M after M ^ a has been computed, 
(M o a) is operated from the left with a* to get a' o (M ^ a) = 
M. 

The algorithm for the ci-permutation can be computed 
^ 10 rather than stored, to facilitate the use of very large ci- 
r^: quasigroups. 

p^" A trivial crossed-inverse quasigroup is one for which the 

ci-permutation, 7i, has the property, 7r(7r(x)) = x. All others 

Q are called non-trivial, 

m 

fy 15 A group G is any collection of objects a ,jb, . . . with an 

O operation such that a*jb is again in G whenever a and b are 

in G; where a*(jb*c) = (a*jb)*c for all a, jb, and c (not 
necessarily distinct) in G; where there is an element e in G 
with e*a = a*e = a for every a in G/ and where, for each a in 
20 G there is an "inverse" a""^ such that a""^*a = e = a*a~^. There 
is a vast mathematical literature about groups. 

Every group is a quasigroup, but not every quasigroup is 
a group. Hence, groups are a special subset of the universe 
of quasigroups. Unlike groups, quasigroups are not required 
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to obey the associative rule a*(jb*c) = (a*jb) *c for all a, b, 
and c. Those quasigroups which are not groups are referred to 
herein as non-group quasigroups. 

Those groups which are also crossed-inverse quasigroups 



permutation in this case is merely the mapping from elements 
to their multiplicative inverses. If we iterate the mapping, 
7t(7c(a)), we get a. That is, two applications of the ci- 

permutation gives the "identity permutation" when working in a 
10 group. 

The disclosed mode uses non-trivial, non-group ci- 
quasigroups as the basis for encryption. The requirement of 
non-triviality excludes the use of groups, so only quasigroups 
which are not groups can be used. For use in public-key 
15 cryptography, the possessor of the public key publishes an 
algorithm to compute a ^ jb in the ci-quasigroup, e.g by 
distributing mathematical information indicating the latin 
square of the quasigroup. The possessor keeps secret the ci- 
permutation, B. 

20 The operation is shown and described with reference to 

Figures 1 and 2. 



quasigroup, and its ci-permutation, to use as a key. One way 
to do this is as follows. Let G be any commutative group of n 
25 elements, where n+1 is a composite number, i.e. n+l=rs, where 



must be commutative and have n(a) = a 



-1 



That is, the ci- 



The first step is to find a non-trivial, non group, ci 
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r and s are both integers greater than 1. The group operation 
in G can be represented by juxtaposition, so that the "product" 
in G of two of its elements, x and y, is denoted by xy. 
Define a new operation "<>" on the elements of G by the relation 
5 aob=a^b^. Then the elements of G with the operation © form a 
ci- quasigroup, where the right crossed inverse of the element 
a is a", where u=(-r)'^. The ci-permutation for this quasigroup 
will depend on which commutative group G is used. The 
quasigroup Q is distributed as the public part of the key. 

10 The ci-permutation is kept secret. 

For security, the quasigroup Q should have an n at least 
10'^^, and often much larger. 

For use in a stream cipher , the sender breaks up the 
message to be sent into fixed size blocks of T symbols each, 

15 where a symbol is a short segment of message, {Mf, 1< t < T} , 
generates the key, {Et : 1 ^ t < T} , which is often a random 
session key, and uses the ci-quasigroup to produce ciphertext, 
{Ct : 1 < t < T}, as follows: 




20 Ct = Mt Et, 

The number of possible symbols must be sufficiently large to 
make an exhaustive search infeasible. 

The sender transmits both the key and the ciphertext, 
25 (Et, Ct) . The intended receiver knows the ci-permutation, 
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The receiver uses the ci-permutation and the permuted key 



sequence, {Dt = B{£t}: 1 ^ t ^ T} to decipher the message as 



follows : 



5 



o Ct = 



o 



(Mt o Et) . 



The security lies in the distinction between the 
encipherment key and the decipherment key. An interceptor has 
C and E, However, solving the equation C = M <> E is equivalent 

10 to finding the ci-permutation, which is an exceedingly 

difficult task for large n. That is, for sufficiently large 
ci-quasigroups , the cryptanalyst will not be able to decode 
the ciphertext without knowing the crossed-inverse of E. The 
size of the ci-quasigroup is made large enough that it is not 

15 feasible to search for D, 

Figure 2 shows a flowchart of operation. A "public" key 
is distributed at 200. That public key is not necessarily the 
ci-quasigroup, but only a rule or procedure for calculating 
"products". The private key is the "quasi-inverse" rule, which 

20 is not publicly disclosed. The fact that the product rule is 
that of a ci-quasigroup could also be kept secret if desired. 

The user then gets a message to send at 200, and uses a 
random seed at 204 to form an encrypting key E. The 
encrypting key E is used to form cyphertext C = M o e at 206, 

25 and C and E are sent at 208. 
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As added security, the sender could also be provided with 
another encryption key E* which is used to encipher E so that 
the sender sends C ^ M o e and {E o E*\ . The receiver uses 7C{E 
*) to recover £ and n{E] to recover M. In all of this, the 
5 basic principle is that knowing the encryption key does not 
aid an interceptor's decipherment problem, because the 
decryption key is different from the encryption key. 



10 FIRST EXAMPLE 

This simple example is presented only to illustrate the 
encryption/decryption calculations and is not intended as a 
working system. Let the ci-quasigroup have the following 
"'multiplication table" : 
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The ci-permutation for this quasigroup is 
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Suppose the sender wishes to send '1' as the message and 
use encipher key '5'. Then from the table entry with row index 
1 and column index 5, we obtain 3, (1 o 5 = 3), so the 
ciphertext is '3*. The sender sends C=3 and E=5. 



encipher key, 5, to get D = n(5) = 5. The recipient then 
computes 

£) o C = 6 o 3 . This is the entry with row index 6 and column 
index 3. This entry is *1' (6 o 3=1), which is the original 
10 message. 

SECOND MORE ELABORATE EXAMPLE 

An example using all letters of the alphabet plus some 
punctuation would require an unwieldy table for this 
15 presentation, so this example uses twelve letters of the 
alphabet, {A,E,F,G^H, I,M,N^O,R,S,T] along with a word 

separator, *, to give a thirteen by thirteen multiplication 
table. Again, this example is intended as a simplified 
illustration. The reduced alphabet size as shown below is far 
20 too small to withstand an exhaustive attack. The encryption 
system is described with reference to Figs 1 and 2. In this 
example, the ci-quasigroup multiplication table is 



5 



Now the recipient applies the ci-permutat ion to the 
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In the disclosed example, this is the "public" key 100. The 
system of Fig, 1 describes the computer operates according to 
the flowchart of Fig. 2, by first disseminating the public key 
100 at 200. 

The ci-permutation for this quasigroup is 



a 
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Suppose we wish to send the message 
10 A*MESSAGE*FOR*AGENTS 

At step 202 this is sent from the encrypting circuit 110, 
to the decrypting circuit 120 that stores the private key 150. 
A random seed (variable random_seed) is stored in the 
15 encrypting circuit 110. This is used to create a random 

encrypting key that is within the allowable alphabet. For this 
simple example, the encrypting key E is AEFGHIMNORAEFGHIMNOR . 

The ciphertext C is calculated at 206, in the encrypting 
circuit . 

20 The computation of the ciphertext, C, is the following: 
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The entry in the message row M is used as the row index 
in the quasigroup table and the entry in the key row C is used 
5 as the column index. For example, the first (M,E) pair, {AfA), 
indicates the second row, second column in the multiplication 
table. The ciphertext from this entry is F. The second pair, 
(*, E) , indicates the first row, third column in the table. 
The entry there is J. Proceeding in this way until the last 
10 pair, (S,i?), we see that the entry in row S, column R, is F. 

At step 208, the sender sends the key (the row labeled F) 
and the ciphertext (the row labeled C.) This is received by 
the decrypting circuit at 210. 

The receiver transforms the key using the ci-permutation, 
15 and then uses the ci-quasigroup to recover the message at 212. 
This is shown in the following: 
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Here the n{E} row and the C row are used as indices in 
the ci-quasigroup table. For example, the pair of first 
5 entries in these two rows is {E^F}. The entry in row E and 
column F is A, the first letter of the message. 

The sender, or in the case of a public key system, the 
public, has the multiplication table, or the rules for 
multiplication. For a large enough ci-quasigroup, however, 
10 finding the inverses of the ciphertext without the permutation 
can be the equivalent of searching the whole keyspace. For 
example, a 64 bit keyspace could require 2^^ searches for each 
entry. Having the crossed inverse allows direct calculation 
of the message. As in most cipher systems, the difficulty of 
15 encipherment increases as the size of the keyspace increases. 
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An Example of a Quasigroup with an Arithmetic Implementation 

The example is presented only to illustrate the 
encryption/decryption calculations. As in other previously- 
described systems, this is not intended as a working system. 
5 It is far too small to be used in practical cryptography. The 
ci-quasigroup is constructed as follows: Two primes, p = 3 and 
q = 11 are chosen and the product, pq = 33, is formed. The 
integers modulo 33 fall into two sets, those without 3 or 11 
as factors and those that are multiples of 3 or 11 or both. 

10 The former set forms a group under multiplication modulo 33. 
For example 4 * 10 = 40 = 7 mod 33 while neither 3 nor 11 are 
factors of 4, 10, or 7. The 20 elements of this group are {1, 
2, 4, 5, 7, 8, 10, 13, 14, 16, 17, 19, 20, 23, 25, 26, 28, 29, 
31, 32}. The ci-quasigroup also has size 20, and consists of 

15 the numbers from 11 to 20, while its arithmetic is computed 

from a non-associative, non-commutative use of the arithmetic 
of the group. Two ci-quasigroup elements, (a,b), are mapped 
to the group by a function, Quasi2Group (x) , described below. 
In the group, these elements (Ya,Yb) are combined by the 

20 formula, gc = (ga)"^(gb)^- Then gc is mapped back to the ci- 
quasigroup by a function c = Group2Quasi (gc) . 



The function, Group2Quasi (x) , is simply 



Group2Quasi{x) =jc - — 



25 
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where the symbol, [x] , indicates the integer part of a number. 

A formula for the function Quasi2Group (x) is more cumbersome, 
but a simple algorithm for it as follows: 



Letg* = x-¥ 



p-1 



q-\ 



1. 



Then g*+6 for each 5 = 0, 1, and 2 is tested to see if x = 

Group2Quasi (g^*+5). Exactly one value of 6 will succeed and 

the corresponding * + 5 will be the correct value of 

10 Quasi2Group (x) . The following is the resulting multiplication 
table for the ci-quasigroup . 
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The ci-permutation for this quasigroup is obtained by 
mapping the elements to the group, raising to the 17 power and 
mapping back to the ci-quasigroup . The table for this 
5 permutation is 



-19- 



Attorney ^Het No.: 06666/032001 



a 


1 
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3 


4 


5 
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7 


8 


9 


10 


11 


12 


13 


14 


15 


16 


17 


18 


19 




7t(a) 
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18 


10 
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17 
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13 


15 
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16 


14 


19 


4 


12 


11 


3 





Sample Calculation 

Encipherment proceeds as follows. Suppose a message 
component is M=3 and the corresponding key component is K = 2. 
5 The ciphertext component is C = 3 o 2. Begin by determining 
the group elements corresponding to 3 and 2. For 3, g* = 3 
and it is found that 5=1. For 2, g* = 2 and 5=0. So the 
group elements are 4 and 2. Next compute 4^ mod 33 = 31 and 2^ 
mod 33 = 29. Multiplying 31 o 28 mod 33 = 8. Finally 

10 Group2Quasi (8) = 8 - [8/3] - [8/11] =8-2=6 The result is 
3 o 2 = 6 and the ciphertext component is C = 6. 

The decipherment proceeds as follows. The computation is 
7c(K)o c, where K = 2 and C= 6. To compute 7i(K) , map K to 
Quasi2Group (K) = a = 2, and compute a^'^ mod 33 = 29. Then 7i(K) 

15 = Group2Quasi (29) = 18 and the decipherment is 18 ^ 6, which 
can be computed using the above algorithm and yields 3, the 
original value of M. 

Iterative Encipherment 
20 Unlike most cipher systems, the difficulty of decipherment 

increases geometrically when two iterative arithmetic 
operations are used. This is, in fact, an important advantage 
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of this system when it is used in interactive encipherment . 
In this method, several encipherment keys are used: Ei, £2, 
E3.... The ciphertext is produced as a product, C = (...(( (M ^ 
EJ c> EJo £3) . . . ) 

The operation is shown in Fig. 3 which shows the simplest 
case, C=(Mi o E Jo £2- The flowchart of Fig. 3 shows getting 
the first key Ei at 300. An interim_result_l , is calculated 
at 302 as Ii = M o The second key £2 is obtained at 304. 

The ciphertext C is calculated as C=Ii <> £2. The ciphertext 
El and £2 are all sent at 308. 

Since the quasigroup is not associative, in general (M o 
E^)o E2 * M o (E^ o E2) . Indeed, in general there will be no £^ 
such that M o =(M ^ EJ^ E2. 

That is, there is no single element which can take the 
place of the iterated multiplication. This is the opposite of 
several existing public key systems. For example, in the RSA 
system, if Ei is used to encipher M and the result is again 
enciphered using £2, the result is the same as a single 
encipherment using the product £1 o £3. 

Iterative encipherment with ci-quasigroups , increases 
exponentially the number of mappings or permutations from 
"message space" to "cipher space". Therefore using 3 
encipherments of key size 32 sequentially produces the 
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equivalent of enciphering with a key size of 32 



^ = 32,768 



elements . 

Successive iterations can also change direction- left to 
right versus right to left. That is, an encipherment 
involving a left quasi-inverse can be followed by an 
encipherment involving a right quasi-inverse, A standard 
technique for decrypting a double encipherment, called the 
"meet in the middle" approach, is rendered impossible by this 
direction-changing encipherment with ci-quasigroups . 

In a non-associative system, there is a plurality of 
inequivalent ways to insert parentheses in a product of three 
or more factors, and this can also be part of the key. For 
example, if "o" is the operation in a non-group quasigroup, 
ao(boc) ^ (aob)oc for some choices of a, b, and c in the 
quasigroup, and all five of (aob)o(cod), ao(bo(cod)), 
((aob)oc)od, (ao(boc))od, and ao((boc)od) might be different 
elements of the quasigroup. (In a system with an associative 
operation "o", such as a group, all five of these would 
necessarily be the same.) With five "factors", there are 
fourteen different ways to insert parentheses into a © b ^ c <> d 
o e, which might all yield different answers in a non-group 
quasigroup. The number of different ways to insert 
parentheses in a "product" of K factors in a non-associative 
system grows exponentially with K, following the sequence 1, 1 
,2 ,5 ,14 ,42 , 132, ... of the so-called Catalan numbers. 
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BLOCK CIPHER APPLICATIONS 

Another embodiment uses ci-quasigroups for block cipher 
applications . 

5 In the case of block ciphers, each user uses the intended 

recipient's "encipherment element", which is used to one- 
sidedly multiply the plaintext block to produce the ciphertext 
block. The decoder then uses the quasi-inverse of that 
enciphering elements (one for each user) , but only his own 
10 deciphering element (the quasi-inverse of his enciphering 
element) . 

A block cipher is a function of a message and a key which 
produces ciphertext and for which an inverse function exists: 

15 C = f(M,K) (the encryption); 

M^finv(C rK) (the decryption) . 
For transmission in the opposite direction, the roles of 
f and finv are reversed. In these applications, unlike "public 
20 key" systems, the key, K, is secret, known only to the sender 
and recipient. The sender and recipient can decode one 
another's messages, but no one without the key can do so. 
To use a ci-quasigroup as a block cipher, we take 

25 f{M,K) = Mo K (the encryption); 
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and finv(C,K) = B{K)oC 



(the decryption) . 



The fact that the sender uses K and the recipient uses 
B(K) gives added security. If an agent steals one of these 
5 keys, he can decode messages in one direction only. 

Before the invention of public key systems, the great 
majority of cryptographic cipher systems used block ciphers, 
and many block ciphers are still in use. Most commonly, these 
"traditional" systems calculate C = M -h K, where the "addition" 
10 operation, symbolized by the plus sign, is performed in an 
algebra which is both associative and commutative. 

The cryptanalyst's task is rendered considerably more 
difficult in the system of Fig. 4, where C = M o k indicates 
an operation performed in a ci-quasigroup which is neither 
15 associative nor commutative. 

Although only a few embodiments have been described in 
detail above, other embodiments are contemplated by the 
inventor and are intended to be encompassed within the 
following claims. In addition, other modifications are 
20 contemplated and are also intended to be covered. 

OTHER UNCONVENTIONAL ALGEBRAIC SYSTEMS 

The above disclosure has emphasized the use of 
quasigroups, and especially ci-quasigroups, for applications 
25 to cryptology. However, unconventional algebraic systems with 



-24- 




Attorney 




;et No. : 06666/032001 



two operations such as neo-f ields and near-rings , can 



similarly be used to advantage in cryptographic system. 



In a field , the elements form a commutative group with 
respect to a first operation, called "addition". If the zero 
element is removed, the remaining elements form a commutative 
group with respect to a second operation, called 
"multiplication". This is the conventional arithmetic that 
underlies almost all the cryptographic systems currently in 
use. In a neo-f ield , the two commutative groups of a field are 
replaced by quasi-groups . If one of these quasigroups is a 
ci-quasigroup, the neofield is called an xip-neof ield . 
Encryption schemes even more elaborate that those already 
described, but using the same principles, can be based on xip- 
neof ields . 

In a ring , the elements form a commutative group with 
respect to a first operation "+", called "addition"; and the 
second operation "x", called "multiplication", satisfies 
closure: a x b is in the ring for all a and b' in the ring. It 
satisfies associativity : a x(b x c) = a x(b x c) for all a, b, 
c in the ring. It also satisfies the two distributed rules 
with respect to addition: a x(b + c)=(a x b)+(a x c) and (a + 
b) X c = (a X c)+(b X c) . (Every field is a ring but not 
every ring is a field. A neo-field, in general, will not be a 
ring, because both operations in a ring must be associative.) 
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A near-ring satisfies the requirements for a ring except 
that the elements may form a non-commutative group with 
respect to "+", and only one of the two distributive rules is 
required. Since the arithmetic in almost all widely used 
5 cryptographic systems is based on rings , the use of near-ring 
arithmetic brings a significant degree of unf amiliarity to 
cryptography. Moreover, all the advantages of non- 
commutativity discussed in connection with non-group 
quasigroups are also present. Although both operations, 

10 and "x", in a near-ring are associative, neither of them need 
be commutative. (In the three most commonly used algebraic 
systems in contemporary cryptography, finite fields, modular 
arithmetic, and elliptic curves, both arithmetic operations 
are commutative.) Hence, one operation can use encryption 

15 with non-commutative arithmetic. 

OTHER CRYPTOLOGIC APPLICATIONS 

Although the cryptologic application of the present 
invention which has been discussed and illustrated in the 
20 greatest detail is to the encipherment of messages, the 

techniques disclosed are equally applicable to encryption and 
decryption of all other forms of information, including for 
example for use in identification , verification , and 
authorization. 
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Identification is the process of determining that someone 
is who he/she claims to be, prior to granting that person 
access to information or to a physical location. (PINs and 
passwords are simple examples of identifications) . 

Verification is the process of determining that 
something, such as a signature, a document, or a physical 
object, is genuine. ("Digital signature" is an important 
special case) . 

Authorization is the process of determining that a 
prospective user (e.g. of a proprietary computer program, or 
of a satellite television channel) meets the requirements for 
use (e.g. by having paid a fee, or signed up for a service, or 
by having a sufficiently high position in an appropriate 
organization) . 

With the steadily increasing importance of electronic 
commerce, the applications of cryptography other than to 
encrypting messages are rapidly gaining in economic 
significance. These include, for example, digital signatures, 
digital fingerprints, zero knowledge proofs, dynamic 
passwords, and access control, for example. These 
cryptographic techniques can be used for these other 
applications . 
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